Siri, should I trust the cloud?
The debate over data privacy has been going on long before the cloud. Even when the data was being stored on your desktop or the server companies had to worry about whether the information was being encrypted, password protected or otherwise secure. Fast forward to 2012 and we have “features” that automatically compromise any notions on privacy “in order to deliver a better experience”
Wired has a great story about how IBM has shut down Siri on it’s own networks. Everything you say to Siri gets uploaded to the iCloud where computers powerful enough to process your voice commands turn it into text and send back results. The problem is that Apple provides no data destruction disclosure at all. It gets worse when you consider that Siri also sends your contacts and all other sorts of information to the same cloud to make better recommendations. So you’re being tracked, logged, audited and processed every time you interact with your device.
Two months ago even ACLU spoke out (pun intended) against Apple and Siri specifically. Yet millions of people willingly forgo their privacy concerns for the device they overpaid for that is arguably inferior in terms of performance and features when compared to it’s closest competitors. All of those details are arguable but the privacy elephant in the room is hard to overlook.
What does this have to do with MSPs? It just gives us more stuff to talk about!
Are you aware that Siri uploads confidential info to Apple data centers?
Is there anything in your confidential information that is being uploaded to Apple data centers that would cause you legal exposure?
Do you have a policy on what sort of data your employees are sharing automatically with Apple?
Do you have a policy on what type of data your employees are sharing personally that disclose corporate data? Are your employees permitted to check in at clients offices when they go to the visit? Are they posting on Facebook during business hours? Are they posting details about the work or just personal stuff? Which of those is authorized by the company?
Those are just a part of the discussion but more importantly they are a piece of a social and mobile audit you can do for your clients that would be immensely useful to them.
The Mobile Device Management is largely hype, the opportunity to sell protection to users who are clearly not concerned about what they are sharing with third parties is slim to none. However, providing audits, guidance, education and assistance – that transcends the geek factor and moves the MSP into the business process discussion of protecting the part decision makers actually care about: their company.